package com.hsd.znsh.config;


import com.hsd.znsh.code.ValidateCodeSecurityConfig;
import com.hsd.znsh.properties.SecurityConstants;
import com.hsd.znsh.properties.SecurityProperties;
import com.hsd.znsh.security.app.APPSecurityConfig;
import com.hsd.znsh.security.pc.PCSecurityConfig;
import com.hsd.znsh.security.session.MyExpiredSessionStrategy;
import com.hsd.znsh.security.session.MyInvalidSessionStrategy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

import java.util.List;


@Configuration
public class ZnshSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private SecurityProperties securityProperties;

	@Autowired
	private UserDetailsService userDetailsService;

	@Autowired
	private AuthenticationEntryPoint authenticationEntryPoint;

	@Autowired
	private LogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    protected AuthenticationSuccessHandler myAuthenticationSuccessHandler;

    @Autowired
    protected AuthenticationFailureHandler myAuthenticationFailureHandler;

	@Autowired
	private PCSecurityConfig pcSecurityConfig;

	@Autowired
	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

	@Autowired
	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

	@Autowired
	private InvalidSessionStrategy invalidSessionStrategy;

	@Autowired
	private SessionRegistry sessionRegistry;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.exceptionHandling()
				.authenticationEntryPoint(authenticationEntryPoint)
				.and()
			.formLogin()
				.loginPage(SecurityConstants.DEFAULT_PC_LOGIN_PROCESSING_URL)
				.loginProcessingUrl(SecurityConstants.DEFAULT_MANAGER_LOGIN_PROCESSING_URL)
                .successHandler(myAuthenticationSuccessHandler)
                .failureHandler(myAuthenticationFailureHandler)
				.and()
             .logout()
				.logoutSuccessHandler(logoutSuccessHandler)
                .and()
			.apply(pcSecurityConfig)
				.and()
			.apply(validateCodeSecurityConfig)
				.and()
			.rememberMe()
				.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
				.userDetailsService(userDetailsService)
				.and()
			.sessionManagement()
				.invalidSessionStrategy(invalidSessionStrategy)
				.maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())
				.maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin())
				.expiredSessionStrategy(sessionInformationExpiredStrategy)
				.sessionRegistry(sessionRegistry)
				.and()
				.and()
			.authorizeRequests()
				.antMatchers(
					    SecurityConstants.DEFAULT_PC_LOGIN_PROCESSING_URL,
						SecurityConstants.DEFAULT_APP_LOGIN_PROCESSING_URL,
						SecurityConstants.DEFAULT_MANAGER_LOGIN_PROCESSING_URL,
                        SecurityConstants.DEFAULT_REGISTER_URL,
                        SecurityConstants.DEFAULT_VALIDATE_CODE_URL,
						SecurityConstants.FORGET_PASSWORD_URL,
						SecurityConstants.GET_FARM_IMAGE_URL,
                        SecurityConstants.GATEWAY_INVALID_URL,
                        "/**/*.*","/app/**")
					.permitAll()
				.antMatchers("/manager/**").hasAnyRole("BACKGROUND_MANAGER","ROOT")
				.antMatchers("/root/**").hasRole("ROOT")
				.antMatchers("/pc/**").hasAnyRole("GENERAL","VIP","PC_MANAGER")
				.anyRequest()
				.authenticated()
				.and()
			.csrf().disable();
	}



}
